
Location Privacy Preserving Mechanisms, Friederike Groschupp, April 2017 (PowerPoint PPT presentation)



  1. Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich. Location Privacy Preserving Mechanisms. Friederike Groschupp, April 21, 2017.

  2. Contents: Introduction; Basic Concepts; Approaches (Cloaking, Mix zones, Dummy queries, Private Information Retrieval); Conclusion.

  3. Location-Based Service (LBS): an application that uses geographical information in order to provide a service. Use cases:
     • Navigation
     • Finding POIs
     • Pervasive computing
     • Receiving location-specific services

  4. Location Privacy: the capability of precluding other parties from learning the user's current or former location [2].
     • No single location information may identify the user
     • Several disclosed locations may not identify or profile the user

  5. Assumptions:
     • The user provides the location information in the service request
     • No information other than the location information can reveal the user's identity
     • Applications are able to work with (short-term) pseudonyms
     • Adversary: the location-based service


  7. k-anonymity [1]: a set is k-anonymous if it includes the user and at least k − 1 other users that are identical to it with respect to the attributes considered. (Figure: distribution of users, shown for k=3 and k=6.)

  8. Location Server (LS): a trusted third party operating between the user and the LBS.
     • Receives the service request containing location information from the user
     • Computes the anonymized request according to the chosen approach
     • Forwards the request with the processed information to the LBS
     • Filters the response and forwards it to the user


  10. Cloaking [6]. Goal: construct an area that is as small as possible but still k-anonymous.
     • Relies on the Location Server
     • Spatial cloaking: based on a quadtree algorithm
     • Temporal cloaking: delay the request in exchange for more accurate location information

  11. Cloaking - Spatial Cloaking [6]. Goal: construct an area that is as small as possible but still 3-anonymous. (Figure, built up step by step over slides 11 to 15: the map is subdivided into quadrants until the requester's quadrant would contain fewer than 3 users.)

  16. Cloaking - Spatial Cloaking [6]: the area computed is unnecessarily large! (Figure, slides 16 and 17.)
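The quadtree construction from slides 11 to 16, as an added example that is not from the slides or from [6]: the map, the user positions and the 3-anonymity target are constructed here, and the nearest-k bounding box is a reference region added only to quantify the "unnecessarily large" effect of grid-aligned cells.

```python
# Constructed sample map: 16x16 units, (x, y) positions; the requester is index 0.
# Scenario A: three users cluster around the centre, straddling the first quadtree split.
USERS_A = [(7.9, 7.9), (8.2, 8.1), (8.3, 7.8), (1.0, 1.0), (14.0, 14.0)]
# Scenario B: the same kind of cluster sits inside one quadrant, so the tree can descend.
USERS_B = [(9.0, 9.0), (9.5, 9.5), (10.0, 9.2), (1.0, 1.0), (2.0, 14.0), (14.0, 2.0)]
MAP = (0.0, 0.0, 16.0, 16.0)   # (xmin, ymin, xmax, ymax)

def count_in(users, cell):
    xmin, ymin, xmax, ymax = cell
    return sum(1 for x, y in users if xmin <= x < xmax and ymin <= y < ymax)

def area(cell):
    xmin, ymin, xmax, ymax = cell
    return (xmax - xmin) * (ymax - ymin)

def quadtree_cloak(users, requester, k, bounds=MAP, min_size=1.0):
    """Smallest quadtree cell around the requester that still holds >= k users.
    Returns None if even the whole map has fewer than k users; stops at min_size
    so identical positions cannot make it subdivide forever."""
    if count_in(users, bounds) < k:
        return None
    rx, ry = users[requester]
    cell = bounds
    while area(cell) > min_size ** 2:
        xmin, ymin, xmax, ymax = cell
        xm, ym = (xmin + xmax) / 2, (ymin + ymax) / 2
        # the child quadrant that contains the requester
        child = (xmin if rx < xm else xm, ymin if ry < ym else ym,
                 xm if rx < xm else xmax, ym if ry < ym else ymax)
        if count_in(users, child) < k:
            break             # one more split would drop below k users
        cell = child
    return cell

def nearest_k_box(users, requester, k):
    """Bounding box of the requester and its k-1 nearest users: a reference
    region (not one of the slides' mechanisms) that shows how much bigger
    the grid-aligned quadtree cell can be than k users actually require."""
    rx, ry = users[requester]
    pts = sorted(users, key=lambda p: (p[0] - rx) ** 2 + (p[1] - ry) ** 2)[:k]
    xs, ys = [p[0] for p in pts], [p[1] for p in pts]
    return (min(xs), min(ys), max(xs), max(ys))

if __name__ == "__main__":
    for name, users in (("A", USERS_A), ("B", USERS_B)):
        cloak = quadtree_cloak(users, 0, k=3)
        print(name, "quadtree cell", cloak, "area", area(cloak),
              "vs nearest-3 box area", area(nearest_k_box(users, 0, 3)))
```

In scenario A the cluster straddles the first split, so the only 3-anonymous cell is the whole 16x16 map although the three users fit in a box of area 0.12; in scenario B the tree descends to a 4x4 cell.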

  18. Cloaking - Temporal Cloaking [6]: wait until at least k − 1 other users have resided in a predefined area.

  19. Mix zones [2]
     • Use of a Location Server
     • Use of short-term pseudonyms
     • Predefined areas: mix zones and application zones
     • Application zone: users send location updates in order to receive a service
     • Mix zone: area where no user sends location updates; identities are mixed

  20. Mix zones - Security Analysis [2]: the size of the anonymity set is determined by the number of users present. In reality, user movement is mostly not equiprobable. (Figure: a mix zone with adjacent zones A, B, C and D.)
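How non-equiprobable movement shrinks the anonymity set of slide 20, as an added example that is not from the slides or from [2]: the zone layout A to D follows the figure, but the three entering users, the transition probabilities and the entropy-based "effective anonymity set" measure are assumptions constructed here.

```python
import math

# Constructed example: three pseudonymous users enter the mix zone at about the same
# time from zones A, B and C; later one new pseudonym is seen leaving towards zone D.
# MOVEMENT[entry][exit] is the probability that a user coming from `entry` leaves at
# `exit` (made-up road-layout figures for illustration, not measurements).
ENTRIES = {"u1": "A", "u2": "B", "u3": "C"}
EQUIPROBABLE = {"A": {"B": 1/3, "C": 1/3, "D": 1/3},
                "B": {"A": 1/3, "C": 1/3, "D": 1/3},
                "C": {"A": 1/3, "B": 1/3, "D": 1/3}}
SKEWED = {"A": {"B": 0.05, "C": 0.05, "D": 0.90},   # A is a through road that leads on to D
          "B": {"A": 0.40, "C": 0.50, "D": 0.10},
          "C": {"A": 0.45, "B": 0.50, "D": 0.05}}

def linking_posterior(entries, movement, exit_zone):
    """Observer's probability that each entering user is the one seen at exit_zone,
    given the movement model and an equal prior over the entering users."""
    weights = {u: movement[z][exit_zone] for u, z in entries.items()}
    total = sum(weights.values())
    return {u: w / total for u, w in weights.items()}

def entropy_bits(dist):
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def effective_anonymity_set(entries, movement, exit_zone):
    """2^H: the number of equally likely candidates the posterior is worth.
    With equiprobable movement this equals the number of users present."""
    return 2 ** entropy_bits(linking_posterior(entries, movement, exit_zone))

if __name__ == "__main__":
    for name, model in (("equiprobable", EQUIPROBABLE), ("skewed", SKEWED)):
        post = linking_posterior(ENTRIES, model, "D")
        print(name, {u: round(p, 3) for u, p in post.items()},
              "effective set size", round(effective_anonymity_set(ENTRIES, model, "D"), 2))
```

With three users present the equiprobable model gives an effective set of 3, while the skewed model lets the observer attribute the exit at D to u1 with about 86% confidence, an effective set of roughly 1.65.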

  21. Dummy queries [3]: the user generates data for k − 1 synthetic users and sends all the requests to the LBS. The dummies created have to be realistic!

  22. Dummy queries - SybilQuery [7]
     • Considers users travelling along predefined routes
     • No Location Server required
     • Dummy routes have characteristics similar to the real route
     • Dummy requests are sent while travelling along the route
